<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html version="4.01"><head><title>[retawq] TLS/SSL</title></head>
<body text="#000000" bgcolor="#cccccc" link="#0000ff" vlink="#551a8b"
alink="#551a8b" lang="en">
<center><b><font size="+2">retawq Documentation</font><br><font
size="+1">TLS/SSL</font></b></center>

<p><a name="intro"></a><b>Introduction</b></p>

<p>TLS (Transport Layer Security) is a low-level network protocol which
provides secure communications in networks; that is, communications which
cannot be intercepted, understood or disturbed by "third parties". SSL (Secure
Sockets Layer) is the predecessor of TLS. From here on, let's simply say "TLS"
to mean both.</p>

<p>Currently, retawq utilizes TLS for the <a href="scheme.html">URL schemes</a>
"https" and "ftps". Support for other schemes and for certificate handling is
planned.</p>

<p>To use TLS with retawq, you can choose one of two variants: the <a
href="http://www.gnutls.org/">GnuTLS</a> library or the <a
href="http://www.openssl.org/">OpenSSL</a> library. Don't use library versions
which are older than those mentioned below - that could e.g. cause compilation
or security problems.</p>

<p><a name="gnutls"></a><b>Variant #1: GnuTLS</b></p>

<p>To use this variant, you must have the GnuTLS library installed on your
computer, and the <a href="ctconfig.html">compile-time configuration option</a>
OPTION_TLS must be set to 1.</p>

<p>Support for GnuTLS was introduced in retawq 0.1.6 and was developed and
tested with the - at that time current - GnuTLS version 0.8.9, but you should
normally use the most recent version which is available; newer versions of
security-related software often fix important security problems. On the other
hand, please note that GnuTLS itself requires certain (sometimes old) versions
of other libraries to be installed on your computer and won't work correctly
otherwise - read GnuTLS's own documentation.</p>

<p><a name="openssl"></a><b>Variant #2: OpenSSL</b></p>

<p>To use this variant, you must have the OpenSSL library installed on your
computer, and the <a href="ctconfig.html">compile-time configuration option</a>
OPTION_TLS must be set to 2.</p>

<p>Support for OpenSSL was introduced in retawq 0.1.7 and was developed and
tested with the - at that time current - OpenSSL version 0.9.7b, but you should
normally use the most recent version which is available; newer versions of
security-related software often fix important security problems. (And it's
known that you need at least OpenSSL version 0.9.5; older versions don't work
with retawq.)</p>

<p>When you build retawq, the tool <a
href="http://www.freedesktop.org/software/pkgconfig/">pkg-config</a> is run to
find out where and how OpenSSL is installed on your computer. Especially if the
final linking of retawq fails, please make sure that this tool works; for
example, the shell command "pkg-config --libs openssl" should output a text
which roughly looks similar to the following: "-L/usr/local/lib -lssl -lcrypto
-ldl"; if you get an error message instead, ...</p>

<p><hr>This documentation file is part of version 0.2.6c of <a
href="http://retawq.sourceforge.net/">retawq</a>, a network client created by
<span lang="de">Arne Thoma&szlig;en</span>. retawq is basically released under
certain versions of the GNU General Public License and WITHOUT ANY WARRANTY.
Copyright (C) 2001-2006 <a href="mailto:arne@arne-thomassen.de"><span
lang="de">Arne Thoma&szlig;en</span></a>.</p>
</body></html>
